Vulnerabilities in SAP SE

778 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2018-2413 | MEDIUM | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privile | 1.5% |
| CVE-2020-6263 | MEDIUM | Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol, versions (SAP-JEECOR 7.00, 7.01; SERVERCOR 7.10, 7.11, 7.20, 7.30, 7 | 1.4% |
| CVE-2021-21446 | HIGH | SAP NetWeaver AS ABAP, versions 740, 750, 751, 752, 753, 754, 755, allows an unauthenticated attacker to prevent legitimate users from acces | 1.4% |
| CVE-2018-2412 | LOW | SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privile | 1.4% |
| CVE-2020-6275 | HIGH | SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, are vulnerable for Server Side Request Forg | 1.4% |
| CVE-2020-26830 | HIGH | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated u | 1.4% |
| CVE-2019-0315 | | Under certain conditions the PI Integration Builder Web UI of SAP NetWeaver Process Integration (versions: SAP_XIESR: 7.10 to 7.11, 7.20, 7. | 1.4% |
| CVE-2019-0270 | | ABAP Server of SAP NetWeaver and ABAP Platform fail to perform necessary authorization checks for an authenticated user, resulting in escala | 1.4% |
| CVE-2019-0258 | | SAP Disclosure Management, version 10.01, does not perform necessary authorization checks for an authenticated user, resulting in escalation | 1.4% |
| CVE-2022-28773 | | Due to an uncontrolled recursion in SAP Web Dispatcher and SAP Internet Communication Manager, the application may crash, leading to denial | 1.4% |
| CVE-2019-0365 | | SAP Kernel (RFC), KRNL32NUC, KRNL32UC and KRNL64NUC before versions 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64UC, before versions 7.21, 7.21EXT, 7 | 1.4% |
| CVE-2022-28772 | | By overlong input values an attacker may force overwrite of the internal program stack in SAP Web Dispatcher - versions 7.53, 7.77, 7.81, 7. | 1.4% |
| CVE-2021-21493 | MEDIUM | When a user opens manipulated Graphics Interchange Format (.GIF) format files received from untrusted sources in SAP 3D Visual Enterprise Vi | 1.4% |
| CVE-2020-26815 | HIGH | SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request t | 1.4% |
| CVE-2019-0257 | | Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02, from 7.10 to 7.11, 7.30, 7.31, 7.40, from 7 | 1.4% |
| CVE-2020-6240 | MEDIUM | SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticate | 1.4% |
| CVE-2021-27595 | MEDIUM | When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the | 1.4% |
| CVE-2020-6198 | CRITICAL | SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker | 1.4% |
| CVE-2022-26101 | | Fiori launchpad - versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulne | 1.4% |
| CVE-2022-24399 | | The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using | 1.4% |